Getting started with AWS

edit

The plugin will default to using IAM Role credentials for authentication. These can be overridden by, in increasing order of precedence, system properties aws.accessKeyId and aws.secretKey, environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_KEY, or the elasticsearch config using cloud.aws.access_key and cloud.aws.secret_key:

cloud:
    aws:
        access_key: AKVAIQBF2RECL7FJWGJQ
        secret_key: vExyMThREXeRMm/b/LRzEB8jWwvzQeXgjqMX+6br

Transport security

edit

By default this plugin uses HTTPS for all API calls to AWS endpoints. If you wish to configure HTTP you can set cloud.aws.protocol in the elasticsearch config. You can optionally override this setting per individual service via: cloud.aws.ec2.protocol or cloud.aws.s3.protocol.

cloud:
    aws:
        protocol: https
        s3:
            protocol: http
        ec2:
            protocol: https

In addition, a proxy can be configured with the proxy_host and proxy_port settings (note that protocol can be http or https):

cloud:
    aws:
        protocol: https
        proxy_host: proxy1.company.com
        proxy_port: 8083

You can also set different proxies for ec2 and s3:

cloud:
    aws:
        s3:
            proxy_host: proxy1.company.com
            proxy_port: 8083
        ec2:
            proxy_host: proxy2.company.com
            proxy_port: 8083

Region

edit

The cloud.aws.region can be set to a region and will automatically use the relevant settings for both ec2 and s3. The available values are:

  • us-east (us-east-1)
  • us-west (us-west-1)
  • us-west-1
  • us-west-2
  • ap-southeast (ap-southeast-1)
  • ap-southeast-1
  • ap-southeast-2
  • ap-northeast (ap-northeast-1)
  • eu-west (eu-west-1)
  • eu-central (eu-central-1)
  • sa-east (sa-east-1)
  • cn-north (cn-north-1)

EC2/S3 Signer API

edit

If you are using a compatible EC2 or S3 service, they might be using an older API to sign the requests. You can set your compatible signer API using cloud.aws.signer (or cloud.aws.ec2.signer and cloud.aws.s3.signer) with the right signer to use.

If you are using a compatible S3 service which do not support Version 4 signing process, you may need to use S3SignerType for cloud.aws.s3.signer, which is Signature Version 2.